Re: [ISN] Warchalking is theft, says Nokia

From: InfoSec News (isnat_private)
Date: Thu Sep 19 2002 - 23:48:52 PDT

    Forwarded from: hobbitat_private (*Hobbit*)
    
       Warchalking, ... can be accessed freely, has been blasted as theft.
    
    What total rot.
    
    What if a company with a large campus provided a bunch of bicycles for
    employees to quickly get between buildings, and some outsiders came in
    and occasionally "borrowed" a few bicycles for their own uses?  Would
    the company have a leg to stand on if it didn't take even a *token*
    step to limit usability of said bicycles to employees only?  [I don't
    know, some sort of simple permanently-affixed lock to prevent wheel
    rotation that staff is given a key for would suffice.]
    
    What if the bicycles are a wireless cloud, and the common key is WEP,
    that makes the simple statement that "the resource is really for
    authorized employee use only and we'd really rather not have you
    muckin' about with it if you don't work here?"  Not particularly hard
    to defeat, but is just enough to keep the honest people in line with
    the caveat that their data isn't *private* unless they also use some
    kind of end-to-end encryption.
    
    Additional messages about usage can be sent by blocking tcp 25
    outbound -- again, not hard to get around, but requires that someone
    perform an obvious act of subterfuge to do so.  If such measures are
    cheap to implement and go a long way toward limiting the perceived
    risk of a completely open environment, why would the company spend all
    its time going around publicly blustering about "theft" instead of
    simply using the token locking mechanisms?  Cripes. *Nokia*, of all
    outfits, should know better.
    
    The thing *I* don't understand about warchalking is that it would seem
    much easier to just re-sniff the air yourself than to run around
    looking for faded chalk marks on the front of a building, and then
    trying to interpret what exactly the last passing hobo meant by it.  
    What's the point, when you can tell exactly what's up from a block
    away instead of parading back and forth in front of the building's
    security guard staring at the walls?  "War" is about *not* making it
    obvious what you're up to.
    
    _H*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


